Critical severity · OSV Advisory · Published Jan 20, 2026 · Updated Jan 21, 2026
CVE-2025-65482
Description
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| fr.opensagres.xdocreport:fr.opensagres.xdocreport.document (Maven) | >= 0.9.2, < 2.0.4 | 2.0.4 |
Affected products
- Range: xdocreport-parent-1.0.5, xdocreport-parent-1.0.6, xdocreport-parent-2.0.0, …
- ghsa-coords Range: >= 0.9.2, < 2.0.4
References
- github.com/advisories/GHSA-7jc7-g598-2p64 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-65482 (ghsa, ADVISORY)
- drive.google.com/drive/folders/1hUyCznpBN7ivo5krmyJ4OQc_q626Hy5q (ghsa, WEB)
- github.com/opensagres/xdocreport/commit/d9b90ae6c9489dc43f6427ec7b315cab34125332 (ghsa, WEB)
- hackmd.io/@cuongnh/r1B7B8fJ-g (ghsa, WEB)
- hackmd.io/@cuongnh/rkJPCgSy-l (ghsa, WEB)